What zero trust looks like when you build it step by step

In this Help Net Security video, Jonathan Edwards, Managing Director at KeyData Cyber, walks us through what practical zero trust adoption looks like in stages. He explains why he dislikes the term itself, then shifts to steps teams can follow without getting stuck in theory. The first part focuses on basic actions such as turning on multi-factor authentication, removing old accounts, tightening access for high-risk roles, automating offboarding, and helping employees understand why these changes matter.

Next, he describes how to add context to access decisions, including conditional access, device health checks, device tagging, baseline modeling, and adaptive authentication. He then moves into cleanup work that many organizations avoid, like fixing bloated roles and tagging data so it can be protected across apps.

Later, he covers just-in-time access, continuous monitoring, and the need for metrics. He ends by stressing that zero trust succeeds only when it supports business goals.